This document defines the maintainability block diagrams and
math models and reliability block diagrams for the externally
mounted, automatically expelled/inflated multiplace life raft
for helicopters (automated life raft (ALR)). These diagrams
and models serve as a basis for estimating the effectiveness
of the life raft as a survival system and will be used in
allocation, prediction and failure modes and effects analysis.


KEY  WORDS 

Block  Diagram 
Math  Model 

Hardware Breakdown Structure (HBS)
Planned  Maintenance 
Special  Inspection 
Phased  Inspection 
Maintenance  Downtime 
Turnaround  Inspection 
Flight  Safety  Reliability 
Mission  Reliability 

Maintenance  Malfunction  Reliability 


NUMBER D210-11163-1
REV LTR

ABBREVIATIONS

ALR          Automated Life Raft
WRA          Weapons Replaceable Assembly
BCM9         Beyond Capability of Intermediate Maintenance
             (Item Condemned)
BCM1-8       Beyond Capability of Intermediate Maintenance
             (Item Shipped to Depot Level)
MH/FH        Man-hour per Flight Hour
λ            Maintenance Action Rate per 1000 Flight Hours
ET           Elapsed Time in Minutes
CREW         Average Number of Men Required for the
             Maintenance Action
TURNAROUND   Performed Every Two Flight Hours and
             λ = 500 per 1000 Flight Hours
SPECIAL      Performed Every 28 Days or 38.4 Flight Hours
             and λ = 26.042 per 1000 Flight Hours
PHASE        Performed Every 400 Flight Hours and
             λ = 2.5 per 1000 Flight Hours




TABLE OF CONTENTS

1.  Maintainability Block Diagram and Mathematical Model
2.  ALR Hardware Breakdown Structure
3.  ALR Maintainability Block Diagram
4.  Planned Maintenance
    4.1  Turnaround Inspection
    4.2  Special Inspection
    4.3  Phased Inspection
    4.4  Corrective (Unscheduled Maintenance)
5.  Maintainability Math Model
    5.1  Maintenance Downtime
    5.2  Organizational Maintenance Man-hours per Flight Hour
         (Org. MH/FH)
    5.3  Intermediate Maintenance Man-hours per Flight Hour
         (Int. MH/FH)
6.  Summary of Reliability Analysis
    6.1  General Discussion
    6.2  Ground Rules
    6.3  Design Change Rationale
7.  Reliability Block Diagrams
8.  Reliability Predictions
9.  Reliability Allocations
10. Failure Mode and Effects Analysis
11. Reliability Test Program
    11.1  Development (Problem Identification) Testing




1. MAINTAINABILITY BLOCK DIAGRAM AND MATHEMATICAL MODEL

The Automated Life Raft (ALR) installation by its nature as survival
equipment is not normally exercised during routine flight operations
and hence its impact on overall system operational readiness may be
considered as insignificant. This parameter, considered herein as
synonymous with availability, is assessed by the following model
and later quantified as a part of maintainability allocations and
predictions. Preventive or scheduled maintenance comprises the
major portion of the installation maintenance burden and is
addressed at both organizational and intermediate levels of
maintenance by the model. Corrective maintenance is treated in a like
manner and as a result the block diagram and maintainability model
can be used to determine the character and magnitude of the ALR
installation maintenance downtimes and maintenance support demands
at the organizational and intermediate levels of maintenance.

2. ALR HARDWARE BREAKDOWN STRUCTURE (HBS)

The HBS affords a graphic display of the end item subdivided
into successively smaller units. Each unit is identified with
a summary number conforming to the requirements of MIL-STD-780,
"Work Unit Codes and Maintenance Engineering Analysis Control
Numbers (MEACNS) for Aeronautical Equipment; Uniform Numbering
System". This number is used for Logistic Support Analysis (LSA)
identification during design and development, and for maintenance
reporting during operational use, thus closing the loop of
Allocation, Prediction, Demonstration and Evaluation.

Figure 1 shows the ALR installation interfaced with a segment of
the existing HBS of the H-46 helicopter as contained in NAVAIR
01-250HD-S, "Work Unit Code Manual H-46 Aircraft". As indicated,
the ALR installation as presently envisioned contains three Weapon
Replaceable Assemblies (WRA's): Life Raft Container, Cockpit Control
and Cabin Control. It should be noted that the major contents of
the Life Raft Container, the first four Shop Replaceable Assemblies
(SRA's), are Government Furnished Equipment (GFE). The GFE
components are included in this maintainability assessment to provide
a true evaluation of the overall ALR installation maintenance burden.
The added electrical components and wiring are considered in this
model, recognizing that operational maintenance would be reported
under the Electrical work unit code of 42000. Any of the ALR
summary numbers may be used to exercise the maintainability model.


3. ALR MAINTAINABILITY BLOCK DIAGRAM

The top level maintainability block diagram for the ALR is shown
in Figure 2. This diagram indicates what maintenance must be
performed and why it is performed. Applying this rationale to lower
levels of installation indenture results in the definition of
maintainability analysis work packages, i.e. how can maintainability
techniques reduce the support burden of required maintenance?
4. PLANNED MAINTENANCE

The Planned Maintenance Block of the diagram refers to the planned
maintenance requirements of The Naval Aviation Maintenance Program
(NAMP) as defined in Chapter 11, Volume II of OPNAVINST 4790.2A.

The ALR installation support is based on the requirements of the
ALR with their rationale are defined in the following paragraphs.

4.1  TURNAROUND  INSPECTION 

This inspection is conducted prior to the first flight of each day
and each subsequent flight to ensure the integrity of the ALR
installation. Since the ALR system has a built in test capability
which is exercised as part of the pilot's preflight check list,
the maintenance turnaround is limited to a visual inspection of the
Life Raft Container for security and obvious damage.

4.2  SPECIAL  INSPECTION 

A special inspection is an inspection with a prescribed interval
other than preflight, post flight, daily, turnaround, calendar/
phased or SDLM (Standard Depot Level Maintenance). This inspection
may or may not be required for the ALR, however it shall be
considered when analyzing the final design configuration of the ALR
installation. The driving consideration necessitating this
inspection is the probability that the installation does not
unacceptably degrade with time between complete functional checkouts.
Complete functional checkout is planned during the H-46 Phase
Inspection which equates to a 400 flight hour interval between
checkouts. Dependent on aircraft utilization the calendar time between
checkouts will be from 5 to 20 months with 10 to 12 most probable.

Current ALR concepts may use water sensing switches as part of the
automatic actuation. These switches do not have a very reliable
performance history and, should they be used, a Special Inspection at
28 day intervals would be established to test these switches for
proper operation. Hence the need for, and the interval of, this
Special Inspection shall be dependent on final ALR design
configuration.

4.3  PHASED  INSPECTION 

The H-46 helicopter phased inspection is a series of four related
inspections that are performed sequentially at 100 hour intervals.
One of these phases shall include a comprehensive inspection of the
ALR installation. The life raft container will either be replaced
or removed, inspected, and tested at the intermediate level of
maintenance and re-installed on the aircraft. This action will
ensure that the GFE container will be maintained in accordance with
NAVAIR 13-1-6.1, "Aviation-Crew Systems Manual, Inflatable Survival
Equipment". While the container is removed all ALR aircraft wiring
will be inspected and checked out. The intermediate level
requirements shall be per the NAVAIR Manual.




4.4  CORRECTIVE  (UNSCHEDULED)  MAINTENANCE 

Corrective maintenance is a result of discrepancies noted during
planned maintenance or reported by pilots after unsuccessful
preflight test. The latter represent an impact on overall H-46
helicopter availability and hence maintainability features of ALR
design shall receive special attention in this area.

5.  MAINTAINABILITY  MATHEMATICAL  MODEL 

Figure 3 is a flow chart of the math model used to drive
maintainability quantitative parameters. Abbreviations, constants and
variables are defined as follows:

WRA          Weapons Replaceable Assembly
BCM9         Beyond Capability of Intermediate Maintenance
             (Item condemned)
BCM1-8       Beyond Capability of Intermediate Maintenance
             (Item shipped to Depot level)
MH/FH        Manhours per Flight Hour
λ            Maintenance Action Rate per 1000 Flight Hours
ET           Elapsed Time in Minutes
CREW         Average number of men required for the maintenance
             action
TURNAROUND   Performed every two flight hours and λ = 500 per
             1000 flight hours
SPECIAL      Performed every 28 days or 38.4 flight hours and
             λ = 26.042 per 1000 flight hours
PHASE        Performed every 400 flight hours and λ = 2.5 per
             1000 flight hours

5.1  MAINTENANCE DOWNTIME

ALR preventive maintenance is performed concurrent with existing
H-46 preventive maintenance requirements and hence has no effect on
aircraft downtime. ALR Mean Maintenance Downtime (MMDT) and
Maintenance Downtime per Flight Hour (DT/FH) are computed as follows:

MMDT = ((Repair λ * Repair ET) + (Replace λ * Replace ET)) /
       ((Repair λ + Replace λ) * 60)

DT/FH = ((Repair λ * Repair ET) + (Replace λ * Replace ET)) /
        (1000*60)

5.2  ORGANIZATIONAL MAINTENANCE MANHOURS PER FLIGHT HOUR (ORG MH/FH)

ORG MH/FH is a summation of preventive (PREV ORG MH/FH) and
corrective (CORR ORG MH/FH) times, and is computed as follows:

PREV ORG MH/FH = ((TURNAROUND λ * TURNAROUND ET * TURNAROUND CREW) +
                  (SPECIAL λ * SPECIAL ET * SPECIAL CREW) +
                  (PHASE λ * PHASE ET * PHASE CREW)) /
                 (1000*60)

CORR ORG MH/FH = ((REPAIR λ * REPAIR ET * REPAIR CREW) +
                  (REPLACE λ * REPLACE ET * REPLACE CREW)) /
                 (1000*60)

ORG MH/FH = PREV ORG MH/FH + CORR ORG MH/FH

5.3  INTERMEDIATE  MAINTENANCE  MANHOURS  PER  FLIGHT  HOUR  (INT  MH/FH) 

INT MH/FH is also a summation of preventive and corrective time, and
is computed as follows:

INT MH/FH = ((PREV λ * PREV ET * PREV CREW) +
             (REPAIR WRA λ * REPAIR WRA ET * REPAIR WRA CREW)) /
            (1000*60)

6.  SUMMARY  OF  RELIABILITY  ANALYSIS 

The system was analyzed for flight safety, mission, and maintenance
malfunction Reliabilities. This analysis included predictions,
allocations, Failure Mode and Effects Analysis, and test program
design. All numerical reliability requirements were met, and no
verifiable single failure points were found.

6.1  GENERAL DISCUSSION

Three types of Reliability have been analyzed:

a.  Flight Safety Reliability

b.  Mission Reliability

c.  Maintenance Malfunction Reliability

Flight Safety Reliability is the probability that no hardware failure
will cause a catastrophic accident. For this system, this is
essentially equivalent to deployment of the raft(s) while flying.

For this system, Mission Reliability is defined as the probability
that the rafts would successfully deploy whenever the system was
activated.

Maintenance Malfunction Reliability is the probability of no
hardware malfunction requiring maintenance action.

The simultaneous analysis of all three types of reliability is
essential to truly optimize the system. For example, additional
levels of redundancy tend to improve the first two types of
reliability but maintenance malfunction reliability is degraded.
6.2  The following ground rules were used for design evaluation:

a.  No single failure shall cause a flight safety loss.

b.  No single failure shall cause a mission loss.

c.  The probability of flight safety loss shall be in the
"remote" category (Rfs greater than .9999999 or about 10
million hours between safety-affecting hardware failures).

d.  Mission Reliability shall equal or exceed .90 for 439.65
flight hours (18 calendar months) under field conditions.

e.  Mission Reliability shall equal or exceed .98 for one
hour bench tests.

f.  The system shall have a 90% probability of passing tests
designed to demonstrate the requirements of ground rules
4 and 5 at the 90% confidence level.

g.  Subject to the above constraints, Maintenance Malfunction
Reliability shall be maximized.

h.  The rafts themselves are considered Government Furnished
Equipment (GFE) and are not subject to the above ground
rules.

6.3  DESIGN  CHANGE  RATIONALE 

Preliminary Reliability analysis indicated that the system as defined
in D210-11002-1 was not capable of meeting the above ground rules.
Accordingly, the design was modified to that shown in the schematic
of Figure 4. The following are the rationale for these changes:

(1) The preliminary Failure Mode and Effects Analysis identified
several wiring single failure points for both flight safety and
mission reliability (e.g. opens, shorts to power, and shorts to
ground); (2) The pilot's manual fire capability was inhibited by the
zero speed sensor, but the cabin switch was not. The preliminary
reliability prediction indicated that single squibs, even "Hi-Red"
squibs, could not meet the "bench" Mission Reliability requirement.
Although the water sensing switches were capable of meeting all
requirements, a significant improvement in both redundancy level and
all numerical reliabilities could be realized by utilizing switching
logic already on board the helicopter.
7. RELIABILITY BLOCK DIAGRAMS

Figures 5, 6, 7, and 8 are the reliability block diagrams for
Maintenance Malfunction, "bench" Mission, "field" Mission, and
Flight Safety Reliabilities respectively. Unless otherwise noted,
all numbers are "effective" or "average" failure rates in failures
per million hours. Numbers such as .0(8)123 are a short form for
.00000000123 (likewise .9(5)123 = .99999123). MIL-STD-750
conventions are applicable.

8.  RELIABILITY  PREDICTIONS 

Figure 9 is a computerized reliability prediction for the four
different types of reliability. These predictions utilize the
logical relationships (redundancies) shown in the Reliability
Block Diagrams. All numbers are failure rates in failures per
million hours. Converted to reliabilities, the system values
are as follows:

                          Failure    Time      Predicted     Required
                          Rate       (Hrs)     Reliability   Reliability

Maintenance Malfunction   632.380    1
"bench" Mission           24.009     1
"field" Mission           .061       439.65
Flight Safety             .0(8)175   438.65

The Maintenance Malfunction value indicates an average time of
1581 flight hours between maintenance-requiring malfunctions.
The remaining reliabilities exceed their requirements by a
margin big enough to assure 90% probability of passing a 90%
confidence test. These margins are also large enough to assure
that a worst case (-3 sigma) deviation would still meet the
requirements.


9.  RELIABILITY  ALLOCATIONS 

Figure 10 is a computerized reliability allocation for the four
different types of reliability. These allocations utilize the
logical relationships (redundancies) shown in the Reliability
Block Diagrams. All numbers are failure rates in failures per
million hours. If the system level predicted failure rate is
less than the requirements, the program allocates the predicted
values to the components. If the system level predicted failure
rate is greater than the requirement, the program allocates the
required value to the components in proportion to their relative
contribution to the system level prediction (proportioned burden
apportionment).

10. FAILURE MODE AND EFFECTS ANALYSIS (FMEA)

Figure 11 is a computerized Failure Mode and Effects Analysis
(FMEA). "Opens", "shorts", "shorts to power", and "shorts to
ground" were analyzed. Since both inputs and outputs were
analyzed, wiring failures are also covered. After redesign, no
mission single failure points were identified. Auto-ignition
of the squibs would be a flight safety single failure point,
but we were unable to identify any recorded instance of this
mode. The basic technique for protection against shorts to
power and shorts to ground is switch disconnection of both
power and ground connections. The technique, in conjunction with
twisted pair power/ground wiring, gives better protection against
EMI induced firing than is possible with shielded wiring.

11.  RELIABILITY  TEST  PROGRAM 

The requirements for this program do not specifically call for
a Reliability Demonstration Test. However, they do say that:

a.  Each system shall be designed for a probability of success
(reliability) of .98 at the 90% confidence level for bench
testing.

b.  Each helicopter system shall be capable of demonstrating a
reliability of .90 at the 90% confidence level when
completely installed in the subject helicopter.

These require that a test program be designed so that the system
would be capable of passing such a test if it were run. MIL-STD-781
gives test plans which demonstrate at 90% (and other) levels
of confidence, but this, by itself, is insufficient to respond to
the above requirements! The reason is that high confidence tests
(such as MIL-STD-781) are so powerful in rejecting bad equipment
(less than the requirement) that they also have a high probability
of rejecting good equipment! For example, take requirement a.
above (R of .98 at 90% confidence). Figure 12 shows that if you
were to conduct a test of 114 components (or systems) with no
failures, you would demonstrate a reliability of .98 at the 90%
confidence level. Now suppose you entered this test with 114
components with a true reliability of exactly .98? You would find
that you have only a 10% chance of passing the test.* In other
words, if you repeated this test a number of times, an average of
9 out of 10 tests would "flunk" (have one or more failures). It
turns out that just to have a 50-50 chance of passing the test,
you must go into the test with a true reliability of .99394, even
though the requirement was only .98. In fact, in order to have a

*The theoretical error in this statement is recognized but is
not significant to the conclusions developed.
good (e.g., 90%) probability of passing the test, you must go into
the test with a true reliability of .999075! In order to better
understand what this means, consider the "mean time between failure"
or MTBF. A reliability of .98 for a one hour mission is equivalent
to an MTBF of 50 hours. A reliability of .99394 is equivalent to
an MTBF of 164 hours! A reliability of .999076 is equivalent to
an MTBF of 1,081 hours! Thus, the true MTBF must be 22 times
greater than the required - just to have a reasonably good
probability of passing the test! The probability of not passing the
test is usually referred to as "producer's risk" (although it
should be realized that in the long run, the consumer actually
pays for it). Thus, producer's risk is the probability of
rejecting good equipment. One minus the confidence (as a decimal) is
equivalent to "consumer's risk" (risk of accepting bad equipment).
The convention is to set up a "fair" testing program (consumer's
risk equals producer's risk or probability of passing equals
confidence), and Figure 12 shows the results for requirement a. Note
that by increasing the number of allowable failures (and the number
of tests!) the "true" or designed reliability can be lowered.
Obviously there is a practical limit to this approach. Even if we
were to increase the number of allowable failures to 52, the design
reliability would still have to be .9859 or an MTBF of 70 hours
which is still 142% of the required MTBF of 50 hours.
Furthermore, the destructive testing of 3,121 systems is probably
impractical from both the time and cost standpoint. Thus a balance
must be struck between the designed (true) reliability and the
number of tests. If we use the reliability prediction as an
estimate of the true reliability, the bench mission prediction of
R = .9990759 allows selection of the "zero failure in 114 tests"
test program. If we allow for an "order of magnitude" error in
the prediction: R = .99975, the test program can still be "zero
failures in 114 tests" because this is the smallest program with
a 90% probability of passing. It should be noted that this is the
primary reason why the design was not frozen when the prediction
first reached R = .98. Figure 13 is an equivalent table for the
"field" mission and the predicted value of R = .999099039 allows
the selection of the "zero failure in 22 tests" test program. The
11.1 DEVELOPMENT (PROBLEM IDENTIFICATION) TESTING

The primary reliability testing program will be problem
identification testing. The purpose of this type of testing is
confirmation of failure effects as identified by the FMEA. Specifically,
each FMEA failure mode is artificially induced into the system
and the resulting system effect is noted. In addition, system
level interface failures are induced to confirm the logic of the
Reliability Block Diagrams. Due to the artificial creation of
failure modes, no attempt will be made to calculate failure rates
from this data.